This week, regulatory pressure on AI in finance reached a new intensity on both sides of the Atlantic: US bank examiners embedded AI questions into every routine review, while the UK’s FCA Mills Review moved toward imminent board-level recommendations. Meanwhile, new data reveals a growing performance divide in private equity between AI leaders and laggards, and a critical governance gap has been exposed as new US model risk guidance explicitly leaves generative and agentic AI unregulated.
Top story: US regulators made AI a permanent agenda item in every single bank examination, with no review now proceeding without scrutiny of kill switches, vendor chains, and data boundaries.
US Regulators Embed AI Scrutiny Into Every Bank Exam
Quartz (qz.com) · Regulation
The OCC, Federal Reserve, and FDIC have made AI a standing topic in all routine bank examinations, pressing lenders on how they deploy AI in lending, KYC, and sanctions screening. Regulators are probing kill switches, vendor dependency chains, and whether AI tools are accessing data they were never authorised to use. Critically, updated April 2026 model risk guidance explicitly excludes generative and agentic AI — leaving the systems banks are deploying most aggressively in a regulatory blind spot, with a formal request for information on those systems still forthcoming.
FCA Mills Review Nears Summer Recommendations on AI’s 2030 Impact
FCA (fca.org.uk) · Regulation
The UK’s FCA is weeks away from delivering board-level recommendations from its Mills Review, which examined how AI — including agentic systems — will reshape retail financial services by 2030. The review was partly triggered by a Treasury Select Committee warning that UK regulators risk ‘potentially serious harm’ to consumers through a ‘wait-and-see’ approach. The FCA has been asked to publish concrete guidance by end-2026 on how Consumer Duty and the Senior Managers Regime apply when AI causes harm — a significant accountability question for every UK financial firm.
PE AI Leaders Outperform Peers by Execution Discipline, Not Spend
FTI Consulting · Strategy
FTI Consulting’s 2026 Private Equity AI Radar, drawing on 200 senior fund and operating leaders, found that 95% of funds report AI meeting or exceeding business case criteria, yet only 17% say it significantly exceeded expectations. A distinct ‘AI Alpha Tier’ of funds is emerging with materially better returns, faster exits, and greater portfolio company adoption — but the differentiator is not budget, as investment levels are broadly comparable. The gap is execution discipline: clear governance, full investment-cycle integration, and deliberate use-case selection rather than isolated pilots.
Banking AI Explainability Becomes Live Regulatory Exposure
TechBullion (via LLRX / beSpacific) · Risk
A regulatory consensus is growing that AI-powered credit decisioning tools must be explainable on demand — with full documentation, model lineage, and audit trails — or they constitute a regulatory liability rather than a competitive advantage. This is crystallising as examiners, both in the US and under the EU AI Act’s August 2026 deadline, begin asking banks to demonstrate they can justify individual AI credit decisions. For firms that have deployed black-box models at scale, retrofitting explainability infrastructure is now an urgent compliance and reputational risk.
EU AI Act’s Dual Compliance Trap Tightens for Fintechs
Matproof · Regulation
With the EU AI Act’s high-risk provisions applying from 2 August 2026, fintechs face a unique dual compliance burden: AI-driven credit scoring, insurance risk pricing, and biometric verification are all classified as high-risk systems requiring full conformity assessments, risk management frameworks, and human oversight — on top of existing DORA obligations already in force since January 2025. Non-compliance fines can reach €35 million or 7% of global turnover, and the global reach of the Act means UK-based fintechs serving EU customers are also in scope. Firms are being advised to integrate AI Act requirements into their DORA frameworks rather than build separate compliance programmes.
